
Mageia: 2023-0283 High: Chromium-Browser-Stable Heap Overflow Exploit

Mageia, October 3, 2023
MGASA-2023-0284 resolves issues while tackling 29 security flaws in the chromium-browser-stable software. Update is advised.

Summary

The chromium-browser-stable package has been updated to the 117.0.5938.92 release, fixing bugs and 31 vulnerabilities, together with 117.0.5938.92, 117.0.5938.88, 117.0.5938.62, 116.0.5845.187 and 116.0.5845.179.
Google is aware that an exploit for CVE-2023-5217 exists in the wild.
- High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25
- High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05
- High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25
- Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06
- Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06
- Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang ...

References

- https://bugs.mageia.org/show_bug.cgi?id=32317

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_21.html

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_15.html

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

- https://www.cve.org/CVERecord?id=CVE-2023-4863

- https://www.cve.org/CVERecord?id=CVE-2023-4900

- https://www.cve.org/CVERecord?id=CVE-2023-4901

- https://www.cve.org/CVERecord?id=CVE-2023-4902

- https://www.cve.org/CVERecord?id=CVE-2023-4903

- https://www.cve.org/CVERecord?id=CVE-2023-4904

- https://www.cve.org/CVERecord?id=CVE-2023-4905

- https://www.cve.org/CVERecord?id=CVE-2023-4906

- https://www.cve.org/CVERecord?id=CVE-2023-4907

- https://www.cve.org/CVERecord?id=CVE-2023-4908

- https://www.cve.org/CVERecord?id=CVE-2023-4909

- https://www.cve.org/CVERecord?id=CVE-2023-4761

- https://www.cve.org/CVERecord?id=CVE-2023-4762

- https://www.cve.org/CVERecord?id=CVE-2023-4763

- https://www.cve.org/CVERecord?id=CVE-2023-4764

- https://www.cve.org/CVERecord?id=CVE-2023-5186

- https://www.cve.org/CVERecord?id=CVE-2023-5187

- https://www.cve.org/CVERecord?id=CVE-2023-5217

Resolution

SRPMS

- 9/tainted/chromium-browser-stable-117.0.5938.132-1.mga9.tainted

Publication date: 03 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0283.html
Type: security
CVE: CVE-2023-4863, CVE-2023-4900, CVE-2023-4901, CVE-2023-4902, CVE-2023-4903, CVE-2023-4904, CVE-2023-4905, CVE-2023-4906, CVE-2023-4907, CVE-2023-4908, CVE-2023-4909, CVE-2023-4863, CVE-2023-4761, CVE-2023-4762, CVE-2023-4763, CVE-2023-4764, CVE-2023-5186, CVE-2023-5187, CVE-2023-5217
